
I've been unable to update database since 1/4

Tried to reinstall but was told the installer was corrupted

Same sort of message when trying to use DDR.com

DDR.scr in silent mode was able to work

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by David at 9:58:14 on 2014-01-25
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8120.5771 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ Power Control\PowerControlHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFi GO! Server.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Program Files (x86)\Internet Content Filter\safeeyes.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AsDLNAServerReal.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = local
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
mRun: [iCF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\David\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{53B7799F-D4A5-4434-A38F-9432C7EB275D} : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /DTSU2P
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3uljp13o.default\

FF - prefs.js: browser.search.selectedEngine - MixiDJ V8 Customized Web Search
FF - prefs.js: browser.startup.homepage - about:home

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll
FF - plugin: C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2013-2-15 14848]
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-2-15 82560]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-2-15 42624]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 207904]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-2-16 776168]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-2-16 343312]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-2-16 1034464]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2013-2-16 422216]
R1 ndisrd;WinpkFilter LightWeight Filter;C:\Windows\System32\drivers\ndisrd.sys [2013-2-15 32400]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-2-15 149120]
R2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [2013-2-15 1475744]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-2-16 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-14 50344]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-2-15 233328]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe [2009-9-17 703080]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-12-13 250712]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2013-2-16 219272]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;C:\Program Files (x86)\Internet Content Filter\mfeicfcore.exe [2013-2-16 2765968]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;C:\Program Files (x86)\Internet Content Filter\UpdateService.exe [2013-10-2 2316328]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-2-16 182752]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
R3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-2-16 310224]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2013-2-16 519064]
R3 pppop;PPPoP WAN Adapter;C:\Windows\System32\drivers\pppop64.sys [2009-7-21 42528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-15 677480]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-2-15 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-2-16 46136]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-14 79672]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-2-22 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-23 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-16 1255736]
.
=============== Created Last 30 ================
.
2014-01-25 14:23:58    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7981EE17-E861-4242-9D36-A9AF8CC2643D}\offreg.dll
2014-01-25 14:18:22    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7981EE17-E861-4242-9D36-A9AF8CC2643D}\mpengine.dll
2014-01-15 20:54:18    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 20:54:18    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-15 20:54:18    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-15 20:54:18    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-15 20:54:18    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-15 20:54:18    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2014-01-15 20:54:18    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 20:54:18    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-15 20:54:17    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-14 21:44:08    79672    ----a-w-    C:\Windows\System32\drivers\aswstm.sys
.
==================== Find3M  ====================
.
2014-01-25 14:08:17    1048576    ----a-w-    C:\Windows\PE_Rom.dll
2014-01-18 18:07:58    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-18 18:07:57    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-14 21:44:07    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-14 21:44:07    43152    ----a-w-    C:\Windows\avastSS.scr
2014-01-14 21:44:07    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-01-14 21:44:07    1034464    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-12-18 11:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH:  9:58:27.89 ===============
 

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 2/15/2013 11:01:08 AM
System Uptime: 1/23/2014 5:37:25 PM (40 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | M5A99X EVO R2.0
Processor: AMD FX-6100 Six-Core Processor              | Socket 942 | 3300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 168 GiB total, 79.31 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 326 GiB total, 224.868 GiB free.
F: is FIXED (NTFS) - 298 GiB total, 215.385 GiB free.
G: is FIXED (NTFS) - 9 GiB total, 1.194 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP134: 12/31/2013 12:45:37 PM - Windows Update
RP135: 1/4/2014 9:57:12 AM - Windows Update
RP136: 1/7/2014 2:45:11 PM - Windows Update
RP137: 1/11/2014 9:55:37 AM - Windows Update
RP138: 1/14/2014 4:42:48 PM - avast! antivirus system restore point
RP139: 1/16/2014 3:00:17 AM - Windows Update
RP140: 1/21/2014 7:32:49 PM - Windows Update
RP141: 1/25/2014 9:18:12 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Flash Player 12 ActiveX
Adobe Reader X (10.1.8) MUI
AI Suite II
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
avast! Free Antivirus
Bonjour
Brother MFL-Pro Suite MFC-7340
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CPUID ASUS CPU-Z 1.60.1
D3DX10
Elevated Installer
FortiClient SSL VPN v4.0.2073
Garmin Express
Garmin Express Tray
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
iTunes
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Money 2007
Microsoft Money Shared Libraries
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Word 2002
Movie Maker
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.1
Photo Common
Photo Gallery
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Safe Eyes
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Skype™ 6.3
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wnjiper
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 15.0
.
==== Event Viewer Messages From Past Week ========
.
1/22/2014 10:18:24 AM, Error: Service Control Manager [7034]  - The McAfee Internet Content Filter Core Service service terminated unexpectedly.  It has done this 1 time(s).
1/21/2014 7:21:38 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================
 

 


Hello dmilillo1 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.
Step 3
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

I ran the programs and they found and cleaned some things

I was still not able to update MBAM database until I disabled Avast, so it is possible some of my main problem was related to updates in Avast

Here are the logs:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by MainAdmin on Sun 01/26/2014 at 21:19:31.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3287822
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricepeep_1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\pricepeep_1_RASMANCS
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\end"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/26/2014 at 21:22:37.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner:
 
# AdwCleaner v3.017 - Report created 26/01/2014 at 21:31:24
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : MainAdmin - ASUSFX_SSD
# Running from : C:\Users\MainAdmin\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\David\AppData\Local\Conduit
Folder Deleted : C:\Users\David\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\David\AppData\Roaming\strongvault
Folder Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3uljp13o.default\Smartbar
Folder Deleted : C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3uljp13o.default\user.js
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\MainAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\erv8fit3.default\prefs.js ]
 
 
[ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\3uljp13o.default\prefs.js ]
 
Line Deleted : user_pref("CT3287822.BBActive.enc", "eWVz");
Line Deleted : user_pref("CT3287822.BBID.enc", "MTgwMGVmNTVmMWQ0MDYyNw==");
Line Deleted : user_pref("CT3287822.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.FF19Solved", "true");
Line Deleted : user_pref("CT3287822.FirstTime", "true");
Line Deleted : user_pref("CT3287822.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3287822.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC5jb20vcHMvVG9wSGl0c0dlbmVyaWNBcHAvY29uZmlncy9VUy1VSy1EYW5jZS1Sb2NrLVJhcC9zcHJpdGUucG5nIiwNCiAgICAiaX[...]
Line Deleted : user_pref("CT3287822.UserID", "UN32331252221026532");
Line Deleted : user_pref("CT3287822.YTbyClickFavorites.enc", "W10=");
Line Deleted : user_pref("CT3287822.YTbyClickRecent.enc", "W10=");
Line Deleted : user_pref("CT3287822.autoDisableScopes", -1);
Line Deleted : user_pref("CT3287822.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3287822.defaultSearch", "true");
Line Deleted : user_pref("CT3287822.embeddedsData", "[{\"appId\":\"130058556988002179\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3287822.enableAlerts", "always");
Line Deleted : user_pref("CT3287822.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT3287822.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3287822.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3287822.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3287822.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3287822.fixUrls", true);
Line Deleted : user_pref("CT3287822.installDate", "23/3/2013 17:13:15");
Line Deleted : user_pref("CT3287822.installId", "aaa_cid128_49");
Line Deleted : user_pref("CT3287822.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3287822.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3287822.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3287822.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3287822.keyword", "true");
Line Deleted : user_pref("CT3287822.lastVersion", "10.14.65.43");
Line Deleted : user_pref("CT3287822.mam_gk_CouponBuddy_appState.enc", "");
Line Deleted : user_pref("CT3287822.mam_gk_PriceGong_appState.enc", "b24=");
Line Deleted : user_pref("CT3287822.mam_gk_PriceGrabber_appState.enc", "b24=");
Line Deleted : user_pref("CT3287822.mam_gk_appStateReportTime.enc", "MTM2NDA3MzQxNDEwMQ==");
Line Deleted : user_pref("CT3287822.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3287822.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjM5NDI4ODdmLTE4ZmUtNGQwNy1hOGY5LTZhNzZmMTcxNjQ2NiIsImRvbWFpbnMiOls[...]
Line Deleted : user_pref("CT3287822.mam_gk_currentVersion.enc", "MS40LjMuMg==");
Line Deleted : user_pref("CT3287822.mam_gk_eventsCache.enc", "eyJhYTY2MTA2Ny0yOTJjLTRkZGYtODY3MC1hMTJmZjU5YjQ4NzgiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjpbIldlbGNvbWUiLCJWaWV3Il0sInVuaXF1ZUlkIjoiYWE2NjEwNjctMjkyYy00Z[...]
Line Deleted : user_pref("CT3287822.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3287822.mam_gk_gadgetOpen.enc", "MA==");
Line Deleted : user_pref("CT3287822.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3287822.mam_gk_lastLoginTime.enc", "MTM2NDA3MzQxMDAzOQ==");
Line Deleted : user_pref("CT3287822.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3287822.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_settings1.4.3.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMTg3XzAiLCJpc1Rlc3QiOnRydWUsImlzV2VsY29tZUV4cGVyaWVuY2VFbmFibGVkQnlEZWZhdWx0I[...]
Line Deleted : user_pref("CT3287822.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_showWelcomeGadget.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3287822.mam_gk_userId.enc", "M2U4NjMzMTAtOTEwNy00Zjc5LWI5NjEtZmQ4YTA0MzYwMGQx");
Line Deleted : user_pref("CT3287822.mam_gk_user_apps_selection.enc", "");
Line Deleted : user_pref("CT3287822.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3287822.openThankYouPage", "false");
Line Deleted : user_pref("CT3287822.openUninstallPage", "true");
Line Deleted : user_pref("CT3287822.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3287822.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3287822.search.searchAppId", "130058556988002179");
Line Deleted : user_pref("CT3287822.search.searchCount", "0");
Line Deleted : user_pref("CT3287822.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3287822.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3287822.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3287822\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"MixiDJ V8\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3287822.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1364073261672");
Line Deleted : user_pref("CT3287822.serviceLayer_services_appsMetadata_lastUpdate", "1364073261673");
Line Deleted : user_pref("CT3287822.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1364073261670");
Line Deleted : user_pref("CT3287822.serviceLayer_services_location_lastUpdate", "1364073200813");
Line Deleted : user_pref("CT3287822.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364073261878");
Line Deleted : user_pref("CT3287822.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1364073261671");
Line Deleted : user_pref("CT3287822.serviceLayer_services_searchAPI_lastUpdate", "1364073200943");
Line Deleted : user_pref("CT3287822.serviceLayer_services_serviceMap_lastUpdate", "1364073200230");
Line Deleted : user_pref("CT3287822.serviceLayer_services_setupAPI_lastUpdate", "1364073201675");
Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarContextMenu_lastUpdate", "1364073261669");
Line Deleted : user_pref("CT3287822.serviceLayer_services_toolbarSettings_lastUpdate", "1364073201588");
Line Deleted : user_pref("CT3287822.serviceLayer_services_translation_lastUpdate", "1364073261675");
Line Deleted : user_pref("CT3287822.settingsINI", true);
Line Deleted : user_pref("CT3287822.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3287822.smartbar.CTID", "CT3287822");
Line Deleted : user_pref("CT3287822.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3287822.smartbar.homepage", true);
Line Deleted : user_pref("CT3287822.smartbar.toolbarName", "MixiDJ V8 ");
Line Deleted : user_pref("CT3287822.startPage", "true");
Line Deleted : user_pref("CT3287822.toolbarDisabled", "true");
Line Deleted : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1364073198958,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V8 Customized Web Search");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
 
[ File : C:\Users\Susan\AppData\Roaming\Mozilla\Firefox\Profiles\8xedz8t9.default\prefs.js ]
 
 
-\\ Google Chrome v32.0.1700.76
 
[ File : C:\Users\MainAdmin\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
 
[ File : C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : search_url
 
*************************
 
AdwCleaner[R0].txt - [13080 octets] - [26/01/2014 21:29:52]
AdwCleaner[s0].txt - [13120 octets] - [26/01/2014 21:31:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [13181 octets] ##########
 
MBAM:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.27.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
MainAdmin :: ASUSFX_SSD [administrator]
 
1/26/2014 9:42:35 PM
mbam-log-2014-01-26 (21-42-35).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 262961
Time elapsed: 3 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 

Apologies. I just got back from a business trip.

I followed the link instructions but still was unable to update the mb database without disabling avast.

As well, browsing is still slow and getting stuck at places.

I've redone all the scans and nothing is showing up.

Not sure what to make of that.

Thank you


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

ComboFix log

 

ComboFix 14-02-01.01 - MainAdmin 02/01/2014  11:40:42.1.6 - x64 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8120.7333 [GMT -5:00]
Running from: c:\users\MainAdmin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\sdelevURL.tmp
c:\users\Susan\Documents\~WRL0005.tmp
c:\users\Susan\Documents\~WRL0884.tmp
c:\users\Susan\Documents\~WRL2803.tmp
c:\users\Susan\Documents\~WRL2829.tmp
c:\users\Susan\Documents\~WRL3251.tmp
c:\users\Susan\Documents\~WRL3325.tmp
c:\users\Susan\g2mdlhlpx.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-01 to 2014-02-01  )))))))))))))))))))))))))))))))
.
.
2014-02-01 16:45 . 2014-02-01 16:45    --------    d-----w-    c:\users\Susan\AppData\Local\temp
2014-02-01 16:45 . 2014-02-01 16:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-01 16:45 . 2014-02-01 16:45    --------    d-----w-    c:\users\David\AppData\Local\temp
2014-02-01 14:30 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A401AF48-5B78-41F0-9571-4BEA4C519C08}\mpengine.dll
2014-01-29 04:05 . 2014-01-29 04:05    --------    d-----w-    c:\windows\Migration
2014-01-27 02:29 . 2014-01-28 00:56    --------    d-----w-    C:\AdwCleaner
2014-01-27 02:24 . 2014-01-27 02:24    --------    d-----w-    c:\users\MainAdmin\AppData\Local\Macromedia
2014-01-27 02:19 . 2014-01-27 02:19    --------    d-----w-    c:\windows\ERUNT
2014-01-27 02:16 . 2014-01-27 02:17    --------    d-----w-    c:\users\MainAdmin\AppData\Local\Mozilla
2014-01-26 14:43 . 2014-01-26 14:43    --------    d-----w-    c:\users\MainAdmin\AppData\Roaming\TuneUp Software
2014-01-26 00:37 . 2014-01-26 00:37    --------    d-----w-    c:\users\MainAdmin\AppData\Roaming\AVAST Software
2014-01-26 00:26 . 2014-01-26 00:33    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-26 00:25 . 2014-01-26 00:25    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-25 20:32 . 2014-01-25 20:32    --------    d-----w-    c:\users\MainAdmin\AppData\Roaming\Malwarebytes
2014-01-15 20:54 . 2013-11-27 01:41    343040    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-01-15 20:54 . 2013-11-27 01:41    99840    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-01-15 20:54 . 2013-11-27 01:41    53248    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-01-15 20:54 . 2013-11-27 01:41    325120    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-01-15 20:54 . 2013-11-27 01:41    25600    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2014-01-15 20:54 . 2013-11-27 01:41    30720    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-01-15 20:54 . 2013-11-27 01:41    7808    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-01-15 20:54 . 2013-11-26 10:32    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-01-15 20:54 . 2013-11-26 11:40    376768    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-01-14 21:44 . 2014-01-26 14:56    80184    ----a-w-    c:\windows\system32\drivers\aswstm.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-01 14:21 . 2013-02-16 05:01    1048576    ----a-w-    c:\windows\PE_Rom.dll
2014-01-26 14:56 . 2013-02-16 05:14    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-26 14:56 . 2013-02-16 05:14    421704    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-01-26 14:56 . 2013-02-16 05:14    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-01-26 14:56 . 2013-02-16 05:14    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-26 14:56 . 2013-02-16 05:14    43152    ----a-w-    c:\windows\avastSS.scr
2014-01-18 18:07 . 2013-03-03 21:43    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-18 18:07 . 2013-03-03 21:43    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-16 08:00 . 2013-02-23 14:41    86054176    ----a-w-    c:\windows\system32\MRT.exe
2014-01-14 21:44 . 2013-03-16 14:24    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-12-18 11:13 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2013-12-02 20:47 . 2013-12-02 20:47    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-02 20:47 . 2013-12-02 20:47    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-02 20:47 . 2013-12-02 20:47    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-02 20:47 . 2013-12-02 20:47    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-02 20:47 . 2013-12-02 20:47    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-02 20:47 . 2013-12-02 20:47    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-02 20:47 . 2013-12-02 20:47    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-02 20:47 . 2013-12-02 20:47    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-02 20:47 . 2013-12-02 20:47    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-02 20:47 . 2013-12-02 20:47    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-02 20:47 . 2013-12-02 20:47    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-02 20:47 . 2013-12-02 20:47    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-02 20:47 . 2013-12-02 20:47    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-02 20:47 . 2013-12-02 20:47    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-02 20:47 . 2013-12-02 20:47    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-12-02 20:47 . 2013-12-02 20:47    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-02 20:47 . 2013-12-02 20:47    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-02 20:47 . 2013-12-02 20:47    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-02 20:47 . 2013-12-02 20:47    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-12-02 20:47 . 2013-12-02 20:47    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-02 20:47 . 2013-12-02 20:47    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-12-02 20:47 . 2013-12-02 20:47    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-02 20:47 . 2013-12-02 20:47    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-12-02 20:47 . 2013-12-02 20:47    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-02 20:47 . 2013-12-02 20:47    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-02 20:47 . 2013-12-02 20:47    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-02 20:47 . 2013-12-02 20:47    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-12-02 20:47 . 2013-12-02 20:47    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-02 20:47 . 2013-12-02 20:47    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-02 20:47 . 2013-12-02 20:47    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-02 20:47 . 2013-12-02 20:47    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-02 20:47 . 2013-12-02 20:47    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-02 20:47 . 2013-12-02 20:47    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-02 20:47 . 2013-12-02 20:47    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-02 20:47 . 2013-12-02 20:47    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-02 20:47 . 2013-12-02 20:47    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-02 20:47 . 2013-12-02 20:47    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-02 20:47 . 2013-12-02 20:47    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-02 20:47 . 2013-12-02 20:47    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-02 20:47 . 2013-12-02 20:47    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-02 20:47 . 2013-12-02 20:47    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-02 20:47 . 2013-12-02 20:47    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-12-02 20:47 . 2013-12-02 20:47    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-02 20:47 . 2013-12-02 20:47    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-02 20:47 . 2013-12-02 20:47    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-02 20:47 . 2013-12-02 20:47    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-02 20:47 . 2013-12-02 20:47    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-02 20:47 . 2013-12-02 20:47    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-02 20:47 . 2013-12-02 20:47    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-02 20:47 . 2013-12-02 20:47    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-12-02 20:47 . 2013-12-02 20:47    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-02 20:47 . 2013-12-02 20:47    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-02 20:47 . 2013-12-02 20:47    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-02 20:47 . 2013-12-02 20:47    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-02 20:47 . 2013-12-02 20:47    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-12-02 20:47 . 2013-12-02 20:47    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-02 20:47 . 2013-12-02 20:47    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-02 20:47 . 2013-12-02 20:47    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-02 20:47 . 2013-12-02 20:47    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-15 08:01    23183360    ----a-w-    c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-15 08:01    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-15 08:01    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-15 08:01    66048    ----a-w-    c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-15 08:01    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-15 08:01    2764288    ----a-w-    c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-15 08:01    53760    ----a-w-    c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-15 08:01    33792    ----a-w-    c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-15 08:01    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-15 08:01    574976    ----a-w-    c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-15 08:01    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-15 08:01    111616    ----a-w-    c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-15 08:01    708608    ----a-w-    c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-15 08:01    218624    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-15 08:01    5769216    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-15 08:01    553472    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-15 08:01    4243968    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-15 08:01    1995264    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-15 08:01    12996608    ----a-w-    c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-15 08:01    1928192    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-15 08:01    2334208    ----a-w-    c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-15 08:01    1395200    ----a-w-    c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-15 08:01    817664    ----a-w-    c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-15 08:01    1820160    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-14 14:17    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-14 14:17    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-14 14:17    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-14 14:17    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2011-10-31 465536]
"ASUS WiFi GO! FileTransfer Execute"="c:\program files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe" [2012-06-09 1384608]
"ICF"="c:\program files (x86)\Internet Content Filter\SafeEyes.exe" [2013-07-31 3267512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-26 3767096]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [x]
R2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [x]
R2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.01.10\AsusFanControlService.exe [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [x]
R2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe;c:\windows\SysWOW64\FortiSSLVPNdaemon.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 mfeicfcore;McAfee Internet Content Filter Core Service;c:\program files (x86)\Internet Content Filter\mfeicfcore.exe;c:\program files (x86)\Internet Content Filter\mfeicfcore.exe [x]
R2 mfeicfupdate;McAfee Internet Content Filter Update Service;c:\program files (x86)\Internet Content Filter\UpdateService.exe;c:\program files (x86)\Internet Content Filter\UpdateService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Ultra Vision(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop64.sys;c:\windows\SYSNATIVE\DRIVERS\pppop64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 00:28    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 18:07]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 04:54]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-16 04:54]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309692881-1577990021-1143101018-1005Core.job
- c:\users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-31 20:10]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309692881-1577990021-1143101018-1005UA.job
- c:\users\Susan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-31 20:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-26 14:56    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-12-06 20:47    778704    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-02-08 1158248]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\MainAdmin\AppData\Roaming\Mozilla\Firefox\Profiles\erv8fit3.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_38.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-01  11:47:44
ComboFix-quarantined-files.txt  2014-02-01 16:47
.
Pre-Run: 84,339,183,616 bytes free
Post-Run: 84,333,019,136 bytes free
.
- - End Of File - - 31372A1F0F40BA2B2ED9DDDF1D8AED29
8913823FF508CCF109DB74B636C301DA
 


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.png icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll    Win32/InstalleRex.L application    
E:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll    Win32/InstalleRex.L application    
F:\Users\All Users\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll    Win32/InstalleRex.L application    
C:\ProgramData\InstallMate\{C38742CA-AED9-40DD-A236-E6FB1864603C}\Custom.dll    Win32/InstalleRex.L application    cleaned by deleting - quarantined
C:\Users\David\Downloads\cbsidlm-tr1_7-Graboid_Video-SEO-10910304.exe    Win32/DownloadAdmin.D application    cleaned by deleting - quarantined
C:\Users\David\Downloads\GraboidVideoSetup-3.54.exe    Win32/Graboid application    cleaned by deleting - quarantined
C:\Users\David\Downloads\openofficesuite-setup.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
C:\Users\David\Downloads\speedupmypc.exe    Win32/SpeedUpMyPC application    cleaned by deleting - quarantined
C:\Users\MainAdmin\Downloads\GraboidVideoSetup-2.4-Complete.exe    Win32/Graboid application    cleaned by deleting - quarantined
C:\Users\MainAdmin\Downloads\ZipOpenerSetup.exe    a variant of Win32/InstallCore.IX application    cleaned by deleting - quarantined
C:\Users\Susan\AppData\LocalLow\MixiDJ_V8\ldrtbMixi.dll    a variant of Win32/Toolbar.Conduit.P application    cleaned by deleting - quarantined
C:\Users\Susan\AppData\LocalLow\MixiDJ_V8\tbMixi.dll    a variant of Win32/Toolbar.Conduit.B application    cleaned by deleting - quarantined
C:\Users\Susan\Downloads\cbsidlm-tr1_12-BibleMan_A_Fight_for_Faith_demo-SEO-10475641.exe    Win32/DownloadAdmin.G application    cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter(2).exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter(3).exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
E:\Users\Susan\Downloads\couponprinter.exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
F:\Program Files\Uniblue\SpeedUpMyPC\sp_track_install.exe    Win32/SpeedUpMyPC application    cleaned by deleting - quarantined
F:\Program Files\W3i\UninstallHelper\UninstallHelper.exe    probably a variant of Win32/InstallIQ.A application    cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\BExternal.dll    a variant of Win32/Toolbar.Babylon.F application    cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\IECookieLow.dll    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
F:\Users\David\AppData\Local\Babylon\Setup\Setup.exe    a variant of Win32/Toolbar.Babylon.H application    cleaned by deleting - quarantined
F:\Users\David\Downloads\cbsidlm-tr1_7-Graboid_Video-SEO-10910304.exe    Win32/DownloadAdmin.D application    cleaned by deleting - quarantined
F:\Users\David\Downloads\GraboidVideoSetup-3.54.exe    Win32/Graboid application    cleaned by deleting - quarantined
F:\Users\David\Downloads\speedupmypc.exe    Win32/SpeedUpMyPC application    cleaned by deleting - quarantined
F:\Users\Main Admin\Downloads\GraboidVideoSetup-2.4-Complete.exe    Win32/Graboid application    cleaned by deleting - quarantined
 


Step 1

Please manually delete the following folders:

C:\Users\All Users\InstallMate

C:\ProgramData\InstallMate

C:\Users\Susan\AppData\LocalLow\MixiDJ_V8

F:\Users\David\AppData\Local\Babylon

Step 2

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Step 1

  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.

      Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

  Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

I'm really suspecting Avast as being the cause of many of the problems that are persisting

Because when I disable Avast I seem to be ok

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.15.05
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
David :: ASUSFX_SSD [administrator]
 
2/15/2014 12:10:13 PM
mbam-log-2014-02-15 (12-10-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 274106
Time elapsed: 3 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

No, it's not alright

But at this point I'm doubting there is any more influence from viruses.  They appear cleaned up completely

 

But there are still problems with Avast.

 

So I have some decisions to make in regards to continuing with Avast or replacing it

 

I'll at least attempt to uninstall and reinstall

This topic is now closed to further replies.